> -----Original Message----- > From: > [email protected] > > [mailto:[email protected] > illa.org] On Behalf Of Markus Moeller > Sent: Monday, April 13, 2009 7:04 PM > To: [email protected] > Subject: Re: SASL authentication > > Try to add an option -o secprop="maxssf=0" or similar.
Although this option does not work for ldapsearch directly, you give me the hint. The working one seems to be -O "maxssf=0". ================================== q...@durian(pts/1):~[13]$ ldapsearch -Y GSSAPI -O "maxssf=0" -H 'ldaps://13.198.98.35:636' -b 'dc=sesswin2003,dc=com' -s sub -LLL 'cn=qxu' mail SASL/GSSAPI authentication started SASL username: [email protected] SASL SSF: 0 dn: CN=qxu,CN=Users,DC=sesswin2003,DC=com mail: [email protected] # refldaps://ForestDnsZones.sesswin2003.com/DC=ForestDnsZones,DC=sesswin2003, DC=com # refldaps://DomainDnsZones.sesswin2003.com/DC=DomainDnsZones,DC=sesswin2003, DC=com # refldaps://sesswin2003.com/CN=Configuration,DC=sesswin2003,DC=com ================================== You can see the feedback is "SASL SSF: 0". By the way, when maxssf is set to 56 by default, what is the encryption method it is using? Why will it be in conflict with SSL/TLS? Thanks a million, Xu Qiang _______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
